CVE-2020-2226 — Cross-site Scripting in Project Jenkins Matrix Authorization Strategy Plugin

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 71.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Matrix Authorization Strategy Plugin Jenkins Matrix Authorization Strategy Jenkins Deployer Framework Plugin +6 more

Timeline

PublishedJul 15

Latest updateMay 24

Description

Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages9 packages

▶CVEListV5jenkins_project/jenkins_matrix_authorization_strategy_pluginunspecified — 2.6.1

▶jenkinsjenkins/matrix_authorization_strategy_plugin

▶NVDjenkins/matrix_authorization_strategy2.6.1

▶jenkinsjenkins/matrix_project_plugin

▶jenkinsjenkins/deployer_framework_plugin

🔴Vulnerability Details

GHSA

Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin↗2022-05-24

▶

OSV

Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin↗2022-05-24

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-07-15↗2020-07-15

▶

Red Hat

jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin↗2020-07-15

▶

💬Community

Bugzilla

CVE-2020-2226 jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin↗2020-07-15

▶